Age | Commit message (Collapse) | Author |
|
Fixes #20130
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20136)
(cherry picked from commit d4c5d8ff483d99f94d649fb67f1f26fce9694c92)
|
|
The lab tried doing a RSA decryption primitive using just n (using p, q) and d.
This failed for 2 reasons:
(1) e is required when importing
(2) Internally e is used for blinding.
Note n and e can be calculated using:
n = pq
e = (1/d) mod (p-1)(q-1)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20133)
(cherry picked from commit 6e3b1c81736b1829584e3f40c2d00040fe1aa881)
|
|
The check is unnecessary as the condition is already checked
before the switch statement.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20121)
(cherry picked from commit 01a17b24f6649fc192ba6bb9ea34e28ce9678e6c)
|
|
Fixes #19730
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19732)
(cherry picked from commit a4aa977d3a8049d5386dc583e16c17727c712eaa)
|
|
EVP_CIPHER_asn1_to_param() returns a value <= 0 in case of an error, and
a value greater than 0 in case of success. Two callsites only check for
< 0 instead of <= 0. The other callsites perform this check correctly.
Change the two callsites to <= 0. Additionally correctly handle a zero
return value from EVP_CIPHER_get_asn1_iv as success.
Fixes: #20116
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/201213)
(cherry picked from commit 114d99b46bfb212ffc510865df317ca2c1542623)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19959)
(cherry picked from commit bfd5680e6be789fd554acf2ad34428816a644eec)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19959)
(cherry picked from commit 0fec2121c0c40d8b098896c9bdf629a48fbafa63)
|
|
The by_dir certificate/CRL lookup code uses an OPENSSL_STACK to track
how many sequentially numbered CRL files have been loaded for a given
X509_NAME hash which is being requested. This avoids loading already
loaded CRL files and repeated stat() calls.
This OPENSSL_STACK is searched using sk_find, however this mutates
the OPENSSL_STACK unless it is known to be sorted. This operation
therefore requires a write lock, which was not taken.
Fix this issue by sorting the OPENSSL_STACK whenever it is mutated. This
guarantees no mutation will occur during sk_find. This is chosen over
taking a write lock during sk_find as retrieving a CRL by X509_NAME is
assumed to be a hotter path than the case where a new CRL is installed.
Also optimise the code by avoiding creating the structure to track the
last CRL file sequence number in the circumstance where it would match
the initial value, namely where no CRL with the given hash is installed.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20076)
(cherry picked from commit 3147785eb23bb27080a0b7accbbff46ac471e86c)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20086)
(cherry picked from commit d36a9d66dc72fb2262f6e7491f658fb1da8242d7)
|
|
Some ciphers/protocol versions have an explicit IV. We need to make sure we
have sufficient room for it in the underlying buffer.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20086)
(cherry picked from commit 3be93f1b264d35ad93ceb71affacdef1b930c3c6)
|
|
Test that sending large app data records works correctly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20086)
(cherry picked from commit 5e73bf03d78da6a635a0a48e1e584f5b9ead45e2)
|
|
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20095)
(cherry picked from commit 61222b95ff20f6a7bb20668e43b657561efdb922)
|
|
X509_VERIFY_PARAM_clear_flags doc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20052)
(cherry picked from commit ec6cbda0f2e435ae0efaec308dc5569c75bb759b)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)
(cherry picked from commit d7d1d0928af2f14e7e187fa8c78115d0d1aa28eb)
|
|
To this end, tweak the internal handling of ctx->total_timeout.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)
(cherry picked from commit b908ec0f217da0a23f9d81442f81d44c94c98f23)
|
|
Clarify behavior of OSSL_CMP_CTX_set_option() when given (negative)
values for OSSL_CMP_OPT_MSG_TIMEOUT or OSSL_CMP_OPT_TOTAL_TIMEOUT.
Fix doc of -msg_timeout and -total_timeout in openssl-cmp.pod.in
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)
(cherry picked from commit 5acd4007a0646ef1f9d0015ce438b891d1b24a62)
|
|
Current man page indicates the function returns an int while it returns
a long.
Fixes #20096.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20097)
(cherry picked from commit 2bde260ac0e30da39f4453e972c461cd9d1342e0)
|
|
RAND_bytes_ex() can also return 0 on failure. Other callers do check
this correctly. Change the check from <0 to <=0.
Fixes: #20100
CLA: trivial
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20106)
(cherry picked from commit a2b01ae1c84ccc250d5d5cb5f2f8714573e3f11b)
|
|
Byte swapping code incorrectly uses the number of AES rounds to swap expanded
AES key, while swapping only a single dword in a loop, resulting in swapped
key and partially swapped expanded keys, breaking AES encryption and
decryption on VIA Padlock hardware.
This commit correctly sets the number of swapping loops to be done.
Fixes #20073
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20077)
(cherry picked from commit 7331e7ef79fe4499d81cc92249e9c97e9ff9291a)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20023)
(cherry picked from commit 69d6ecb7c320bafe0d30a88949eb22e19704221a)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20023)
(cherry picked from commit 543ac2f0191f10d8a3774727fa691543de8b15bb)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20023)
(cherry picked from commit 9866200bbe8eb65628f3f3e6eb290c48efb5a8ac)
|
|
The other implementations of i2r return 0 in case of an error, but
i2r_ADMISSION_SYNTAX() returns -1. That means the check on i2r does not
catch the error. Change it to return 0 like the others do.
Fixes: #20066
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20068)
(cherry picked from commit 53b5d6c30f3b8eaf7a582da2265c0d1cfe14d54f)
|
|
In EC key generation, if allocation of struct ec_gen_ctx fails, values
provided by parameters are copied into the context at represented by a NULL
pointer. To fix this, prevent copy if allocation fails.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20055)
(cherry picked from commit 235ef96049dbe337a3c3c5d419dacbb5a81df1b3)
|
|
CLA: trivial
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20038)
(cherry picked from commit ed77c14d91ec008d4d78d7293f37bd4aa60071f0)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20044)
(cherry picked from commit 3b1c0c8f3cd66e80f81a9b7c9810bdada39363f2)
|
|
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.4.0...v4.5.0)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...
CLA: trivial
Signed-off-by: dependabot[bot] <support@github.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20046)
(cherry picked from commit c4edfa220e6d3705a0c6299463c83e61fd5f9d2c)
|
|
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20019)
(cherry picked from commit ae61bd34e676036f22e44e8184d1ba649a990619)
|
|
Otherwise the alloca can cause an exception.
Issue reported by Jiayi Lin.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20005)
(cherry picked from commit 30667f5c306dbc11ac0e6fddc7d26fd984d546ab)
|
|
This reverts commit 4378e3cd2a4d73a97a2349efaa143059d8ed05e8.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20005)
(cherry picked from commit 92d306b32b63dd502531a89fb96c4172be0ddb49)
|
|
is used.
Fixes #19934
The existing code was looking for the digest size, and then returned
zero.
The example code in EVP_KDF-SS.pod has been corrected to not use a
digest.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19935)
(cherry picked from commit e8add4d379075a6daef2591edd830297d469b9f4)
|
|
* capitalize `X509_NAME`
* add missing suffixes to `i2d_TYPE`
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20016)
(cherry picked from commit 5adca946c3b6f779eb593bff6dbefe0a85238d84)
|
|
The condition evaluation in #if conditions does not tolerate this
if the macro is not defined.
Fixes #19628
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20018)
(cherry picked from commit a509b97d2c4efd96e231913d49544ac7cb36b51b)
|
|
A zero BIGNUM contains zero bytes, while OSSL_PARAMs with an INTEGER (or
UNSIGNED INTEGER) data type are expected to have at least one data byte
allocated, containing a zero. This wasn't handled correctly.
Fixes #20011
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20013)
(cherry picked from commit c455f87aebf245814ba58d6a398b45ca4e80d1d7)
(cherry picked from commit e33c37aead7e7dd5647d949db7be875c8fa8c137)
|
|
This way, we guarantee that a zero is represented with one byte of data
that's set to zero.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20013)
(cherry picked from commit c2ae89148343750e420b72ef1b709ebbc16e47b8)
(cherry picked from commit fcc224a3c5c868ee4c0f5ab71d2f47e7f620bc98)
|
|
We also add tests where the zero bignum is the only parameter, to test what
that does with the allocated blocks that the OSSL_PARAM_BLD functionality
handles.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20013)
(cherry picked from commit b49cf273883c8d3f47542941fe5cc6cb51aec9c9)
(cherry picked from commit 2b7b7eebf9b7d01f8abab88b9ae0685f33c74b54)
|
|
Also test the OSSL_TRACE_CATEGORY_TRACE tracing - this fails
on address sanitizer runs without the fix for #19915
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(cherry picked from commit e64a169fc678b5e57db28d06c25020d69bc61e4c)
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19958)
|
|
The trace code assumes all categories are present and
the category numbers are equal to the index in the table.
Fixes #19915
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(cherry picked from commit 78bd646b2f6a18cf8515e05a5f3efadff03b3920)
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19958)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(cherry picked from commit 1fcd84c7017416a3c9461914d7a943591ad87a82)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19958)
|
|
Fixes openssl#17422
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit fcff5bd43c85418cc4aa8052e3dc3dba344d763e)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19958)
|
|
Fixes #8630
The remaining functions are at least as old as 0.9.8 so it is
not worth documenting this.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19956)
(cherry picked from commit 8d927e55b751ba1af6c08cd4e37d565a43c56157)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19962)
(cherry picked from commit 3be76745e55eab9ea976f7a23e6c8ecd3bb8136c)
|
|
Fixes: #19996
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20001)
(cherry picked from commit 9c3de015121fb4ebbecccfbbda9eed8d4a3cb2d5)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20010)
|
|
This reverts commit 2a57a117a2e5b433a93ae6c15686d9751b9dc527.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20010)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19597)
(cherry picked from commit 4b65d79d7132d6e46bfb385a76082f6502ef617b)
|
|
Fixes #19584
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19597)
(cherry picked from commit 9506a2e274c643b94a2c265019ea9288f99a521a)
|
|
This reverts commit 8511520842b744d1794ea794c032ce5f78cd874b.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19597)
(cherry picked from commit f83490fb9ce4dd1c09d4f94526fbcad14bd2fd85)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19913)
(cherry picked from commit 69e18a4d93ee5f50bcbf62268b4a59df29d67a02)
|
|
Backport of commit 624efd2
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19967)
(cherry picked from commit 8c29e5ebfd5f19442422ba43fea4c95816417e34)
|